Add ability to opt-out dh param auto generation

2024-05-28 10:26:13 +02:00 · 2017-08-27 04:40:35 +07:00 · 2017-08-27 04:40:35 +07:00 · 4b22ccdc81
parent f05f7a0ff9
commit 4b22ccdc81
2 changed files with 8 additions and 1 deletions
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@ -16,7 +16,8 @@ fi

 # Generate dhparam file if required
 # Note: if $DHPARAM_BITS is not defined, generate-dhparam.sh will use 2048 as a default
-/app/generate-dhparam.sh $DHPARAM_BITS
+# Note2: if $GENERATE_DHPARAM is set to false in environment variable, dh param generator will skip completely
+/app/generate-dhparam.sh $DHPARAM_BITS $GENERATE_DHPARAM

 # Compute the DNS resolvers for use in the templates
 export RESOLVERS=$(awk '$1 == "nameserver" {print $2}' ORS=' ' /etc/resolv.conf | sed 's/ *$//g')
--- a/generate-dhparam.sh
+++ b/generate-dhparam.sh
@ -2,6 +2,7 @@

 # The first argument is the bit depth of the dhparam, or 2048 if unspecified
 DHPARAM_BITS=${1:-2048}
+GENERATE_DHPARAM=${2:-true}

 # If a dhparam file is not available, use the pre-generated one and generate a new one in the background.
 # Note that /etc/nginx/dhparam is a volume, so this dhparam will persist restarts.
@ -25,6 +26,11 @@ if [[ -f $DHPARAM_FILE ]]; then
    fi
 fi

+if [[ $GENERATE_DHPARAM =~ ^[Ff][Aa][Ll][Ss][Ee]$ ]]; then
+    echo "Skipping Diffie-Hellman parameters generation and Ignoring pre-generated dhparam.pem"
+    exit 0
+fi
+
 cat >&2 <<-EOT
 WARNING: $DHPARAM_FILE was not found. A pre-generated dhparam.pem will be used for now while a new one
 is being generated in the background.  Once the new dhparam.pem is in place, nginx will be reloaded.